But some fear that there isn't enough built-in data protection for such devices.

The National Highway Traffic Safety Administration has proposed a new unified standard for event data recorders for cars, commonly known as “black boxes.”

Such devices, which are already in use in 96 percent of 2013 model year cars, record various types of data that can be accessed in multiple ways. The agency also estimates that 92 percent of 2010 model year cars have “some EDR capability.” The NHTSA estimates that requiring EDRs would add just $20 in manufacturing costs to each car.

As we reported earlier this year, Congress has two related, pending bills on car EDRs that have not yet been reconciled between the two houses. The new NHTSA rule would require EDRs in all new light passenger vehicles starting in September 1, 2014, and would prescribe what type of data is to be collected.

"By understanding how drivers respond in a crash and whether key safety systems operate properly, NHTSA and automakers can make our vehicles and our roadways even safer," said Transportation Secretary Ray LaHood in a statement on Friday. "This proposal will give us the critical insight and information we need to save more lives."

Who owns the black box data?

As per NHTSA's proposed rule, the collected data would include vehicle speed, whether the brake had been activated, crash forces at the moment of impact, the state of the engine throttle, airbag deployment timing, and whether or not seatbelts were in use.

Since 2006 the NHTSA established recommended guidelines for EDRs, but did not mandate them. As we reported in April 2012, car manufacturers have been required to disclose the presence and physical location of an EDR in a car's owner's manual since 2011. Seven years earlier, California became the first state to mandate such disclosure.

The NHTSA has a policy that EDR data would be treated as the property of the vehicle owner and not accessed without his or her permission. The agency also noted in its new 56-page document (PDF) that it “does not have any authority to establish legally-binding rules regarding the ownership or use of a vehicle’s EDR data.”

Securing the black box data with a key

However, many activists feel that NHTSA and Congress have not done enough to protect and preserve that EDR data.

The biggest champions of further revision are a team at the Institute of Electrical and Electronics Engineers (IEEE) that has been pushing for an EDR standard, which would include requiring a "connector lockout," or a way to physically secure access to the EDR data, in addition to standardizing what data was collected. A two-person team published a draft standard in 2004, which was later revised in 2010.

“The main concern of the IEEE standard is that at the time of the vehicle crash the crash data is secure so [that] it has probative value in a court of law and that it has scientific value,” he told Ars, noting that it was trivial for anyone to tamper with this data at present.

140 Reader Comments

I don't understand what people are so afraid of with this. It isn't giving away personal data.

The speed limit on I-75 where I drive to work is 55. The traffic flows at about 70, and the State Troopers don't even glance at anyone going less than 80.

Now, suppose an accident where I'm driving along with the flow of traffic, at a steady speed, and holding steady in one lane. Some maroon changing lanes tries to occupy the same space as my car, spins out, hits the concrete median barrier, and is seriously injured.

While I may "own" the EDR data, it can be subpoenaed just like any other "record." (I think. I'm not a lawyer.) Imagine how happy that EDR would make me when I am sued for every penny I have..

[Now, suppose an accident where I'm driving along with the flow of traffic, at a steady speed, and holding steady in one lane. Some maroon changing lanes tries to occupy the same space as my car, spins out, hits the concrete median barrier, and is seriously injured.

While I may "own" the EDR data, it can be subpoenaed just like any other "record." (I think. I'm not a lawyer.) Imagine how happy that EDR would make me when I am sued for every penny I have..

Alternatively his data would show him also going too fast and if the data of others nearby could be obtained it would show them also going too fast, thus establishing the flow of traffic being ~70mph instead of just a he said/she said scenario.

as with any surveillance, we should put it on public vehicles and publish it annually (we are the ones paying for it after all) and see if there is any fallout. if our politicians, police, and other govt employees are good with it... then i guess it would be ok. (i am guessing it would be stopped very quickly)

Alternatively his data would show him also going too fast and if the data of others nearby could be obtained it would show them also going too fast, thus establishing the flow of traffic being ~70mph instead of just a he said/she said scenario.

Except he's in a 1985 Toyota truck that isn't equipped with a data logger.

Added weight, cost, and complexity. No thanks. Instead of safer cars, data collection, and all this other crap we need to make the difficulty of getting a drivers license WAY harder. There's no practical application portion to getting a license to speak of. You drive a few blocks and they deem you worthy. It's a joke how easy it is to get permission to control a 2 ton automobile in this country. Hell, most people can't even change their own flat tire!

... That's ... that's pretty useless. What about lateral g's, pitch/roll positioning of the car, and occupancy/load? Available traction?

As it stands right now, they're getting a very incomplete picture - sure, you can say "this guy was going fast" or what not, but that says nothing about the other factors. If he was going well under the limit at impact, was it because there was bad traction? Through a turn? Did he have an overloaded car, yet hit the brakes at the appropriate time with an underestimation of the effect passenger load had on the vehicle? Did they attempt a swerve to avoid? Etc.

One of my big questions on this technology is: How is this going to integrate with the current search and seizure and self incrimination laws in the United States?

When I buy a car, it is my property. It, including the black box, is covered under the forth amendment's search and seizure provisions. If the vehicle gets in an accident, the police have no right to search and seize my property without a search warrant.

Furthermore, it could be argued that using data on the device is a form of self incrimination which is prohibited by the fifth amendment to the US Constitution.

[Now, suppose an accident where I'm driving along with the flow of traffic, at a steady speed, and holding steady in one lane. Some maroon changing lanes tries to occupy the same space as my car, spins out, hits the concrete median barrier, and is seriously injured.

While I may "own" the EDR data, it can be subpoenaed just like any other "record." (I think. I'm not a lawyer.) Imagine how happy that EDR would make me when I am sued for every penny I have..

Alternatively his data would show him also going too fast and if the data of others nearby could be obtained it would show them also going too fast, thus establishing the flow of traffic being ~70mph instead of just a he said/she said scenario.

You assume he's driving in a car with a black box like yours, and that people know the road you were driving on has a flow that fast instead of looking at your speed versus the speed limit. Doesn't quite work that way in the real world.

Added weight, cost, and complexity. No thanks. Instead of safer cars, data collection, and all this other crap we need to make the difficulty of getting a drivers license WAY harder. There's no practical application portion to getting a license to speak of. You drive a few blocks and they deem you worthy. It's a joke how easy it is to get permission to control a 2 ton automobile in this country. Hell, most people can't even change their own flat tire!

Just saw your quote, and, obviously, ideally, this is the best solution. But, c'mon man, this is America. The public would never let that fly.

That would be like expecting Apple to sue the crap out of all competing smartphone developers and making the patent industry realize that it's wron- oh... wait.

Every time I hear the "lives will be saved" argument, I hear "think of the children" and "if you don't give us what we want, the terrorists will win".

We can debate the merits of EDRs, but I doubt they will have that large an impact on road safety. They surely do not run open source software, so nobody can really check what's going on in these black boxes. Will it be hooked up to the on-board GPS system? Next, add a small gsm device for traffic prediction, and before you know it we'll be getting personalized ads based on our travels.

Alternatively his data would show him also going too fast and if the data of others nearby could be obtained it would show them also going too fast, thus establishing the flow of traffic being ~70mph instead of just a he said/she said scenario.

Except he's in a 1985 Toyota truck that isn't equipped with a data logger.

And you will have no idea who the other drivers are as they will be long gone by the time the police arrives. There will be no way to determine that you were going along with the flow of traffic.

Extensive experience in the aviation industry has shown that data recorders save lives. Furthermore, there is nothing private about how you drive. The activity clearly takes place in public and, no matter how safely you drive, will always pose at least a small risk to the safety of other people.

Alternatively his data would show him also going too fast and if the data of others nearby could be obtained it would show them also going too fast, thus establishing the flow of traffic being ~70mph instead of just a he said/she said scenario.

Except he's in a 1985 Toyota truck that isn't equipped with a data logger.

And you will have no idea who the other drivers are as they will be long gone by the time the police arrives. There will be no way to determine that you were going along with the flow of traffic.

No. You see, all of that is going to be recorded and stored centrally, so law enforcement can check the flow of traffic at the time of the accident.

I don't understand what people are so afraid of with this. It isn't giving away personal data.

Do these people also not fly on planes since they have black boxes?

Perhaps if they're the pilot, they're not gonna pull loop'd'loops if they have an EDR.

Same with a car, you don't want someone knowing how fast you drive or how quickly you accelterated.

Think of it this way, you get stopped by the police for speeding. The cop walks over, asks you to step out of the vehicle and plugs in an EDR reader, which confirms you were speeding. You have the option to pay the fine right then and there. City revenues go up and it becomes a popular thing all over the country until people start removing or disabling EDRs in their cars and then start going to jail.

Alternatively his data would show him also going too fast and if the data of others nearby could be obtained it would show them also going too fast, thus establishing the flow of traffic being ~70mph instead of just a he said/she said scenario.

Aha! I never said I was going "too fast," although I implied that I was exceeding the speed limit. The cold, hard fact is that, in the scenario I posited, I was Breaking The Law (tm) and the fact that others were doing the same thing doesn't excuse my behavior. My business law course was long ago and far away, but the business of contributory and comparative negligence seemed complicated even when it was fresh in my mind.

I'm pretty certain the EDR hurts rather than helps in my scenario.

Of course, if I understand things right, the EDR is triggered by air bag deployment. If the air bag blows up in my face while I'm going 70 MPH on I-75, I'm going to be dead and out of trouble.

You know, my problem isn't with the blackbox or what they intend to use it for. I have no issue paying for it and it being used for "Safety". My issue is that we all know this is the current intention, though it's only a matter of time where some blackbox would have helped stop some shooting. There will be a new cast with some FBI guy saying "If only we had mandatory gps in these blackboxes and we had access, all this pain would have never happened". People will allow fear to overrule sense and allow them to create laws that force gps on them.

Then the government will start monitoring and tracking on every vehicle in the US on a database and the the president will use "national security" as a reason to squash the EFF or Civil Liberties Union interest in getting this investigated as illegal. Then they'll get hacked and we'll find out on Wikileaks that the government held the real time location of every vehicle for the last x years and continues to do so illegally.

Then it'll go further & further until it's beyond control.

The USSR didn't turn on it's people over night, there wasn't a "hey, we're going to create all these laws to subjugate the people. Just sleep and in the morning you will all live in fear of the government as you should". Many of the laws and organization that held the people under oppression and fear had logic and reason when they were first instigated. It's when they were changed and perverted that they began to instill fear.

One of my big questions on this technology is: How is this going to integrate with the current search and seizure and self incrimination laws in the United States?

When I buy a car, it is my property. It, including the black box, is covered under the forth amendment's search and seizure provisions. If the vehicle gets in an accident, the police have no right to search and seize my property without a search warrant.

Furthermore, it could be argued that using data on the device is a form of self incrimination which is prohibited by the fifth amendment to the US Constitution.

Driving is not a right, it's a privilege in most states which is why for example they can suspend your licence for refusing a breathalyzer test. They could do the same with access to the black box for the same reason

I don't understand what people are so afraid of with this. It isn't giving away personal data.

The speed limit on I-75 where I drive to work is 55. The traffic flows at about 70, and the State Troopers don't even glance at anyone going less than 80.

Now, suppose an accident where I'm driving along with the flow of traffic, at a steady speed, and holding steady in one lane. Some maroon changing lanes tries to occupy the same space as my car, spins out, hits the concrete median barrier, and is seriously injured.

While I may "own" the EDR data, it can be subpoenaed just like any other "record." (I think. I'm not a lawyer.) Imagine how happy that EDR would make me when I am sued for every penny I have..

So the data proves you did nothing wrong and the other guy made an unsafe lane change. You should be happy about that...

You seem to have missed the entire rest of the thread, where it's pretty clearly possible that the other vehicle doesn't have an EDR.

And this is assuming (wild assumption) that EDRs aren't tampered with.

Not to mention implementation problems. If your EDR isn't working right, what's the effect on the vehicle? Does it inhibit starting?

What about interpretational problems; if someone's coming up behind me fast and looks drunk, I may need to exceed the speed limit to get the hell out of their way. However, the EDR doesn't see this kind of thing, nor are most GPS units capable of reliably measuring accurately enough to determine lane changes, so it wouldn't be obvious I wasn't just speeding up to bypass some traffic.

EDRs work in planes because they're a relatively simple traffic situation. Cars are a whole different can of worms.

I don't understand what people are so afraid of with this. It isn't giving away personal data.

The speed limit on I-75 where I drive to work is 55. The traffic flows at about 70, and the State Troopers don't even glance at anyone going less than 80.

Now, suppose an accident where I'm driving along with the flow of traffic, at a steady speed, and holding steady in one lane. Some maroon changing lanes tries to occupy the same space as my car, spins out, hits the concrete median barrier, and is seriously injured.

While I may "own" the EDR data, it can be subpoenaed just like any other "record." (I think. I'm not a lawyer.) Imagine how happy that EDR would make me when I am sued for every penny I have..

So the data proves you did nothing wrong and the other guy made an unsafe lane change. You should be happy about that...

No, technically he was speeding. Period. He's screwed on his insurance, he's now got evidence for a speeding ticket, and since he was doing something illegal at the time, he's likely to be found at least partially (if not fully) at fault.

It doesn't matter what everyone else was doing. Or what the cops don't bother to pay attention to. 55 is the limit, period. Anything documentation proving you were going well over that WILL be used against you. (For sure by the insurance company)

This is also a reason that I'd never consider getting that monitor that one of the insurance companies offers. Add this monitor, and we'll give you a discount - since obviously it will show that you only ever drive safely, right?

I'm in the same boat on the DC beltway. 55 Limit, but 70 was the actual speed for traffic.

It also reminds me of my time on the Autobahn. Even in the areas with no posted limit, there were caps on what your insurance would cover you for. I'd be going 100mph completely legally and getting passed by minivans and station wagons, but if I was in a wreck, I would have been pretty screwed when it came time for an insurance claim.

Extensive experience in the aviation industry has shown that data recorders save lives. Furthermore, there is nothing private about how you drive. The activity clearly takes place in public and, no matter how safely you drive, will always pose at least a small risk to the safety of other people.

Sorry, but a highly trained pilot is in no way comparable to a very minimally trained car driver. You're comparing two different tiers of people, two entirely different modes of travel, and car drivers are way less trained than even a puddle jumper pilot. A lot of safety in aviation comes in stringent repair/service requirements on components and the aircraft itself, those workers that do that maintenance are highly trained and meet stringent requirements of competence, and not anyone can get a pilots license by simply answer 40 questions on a piece of paper, and not hit a cone in a parking lot. Just because airplanes and cars move people doesn't mean that they are comparable across the board, or because they share a component that serves a somewhat similar function.

These boxes will not save lives because they treat a symptom and don't treat the disease. The problem is not unsafe cars, it's unsafe drivers. If you continue to let stupid, inattentive teenagers and old people with slow reaction times and a constant bitch that things changed from 1960 to today, you'll never make roads safer.

"Massachusetts Lt. Gov. Timothy Murray initially said that he wasn't speeding and that he was wearing his seat belt when he crashed a government-owned car last year. But the Ford Crown Victoria's data recorder told a different story: It showed the car was traveling more than 100 mph and Murray wasn't belted in."

"In 2007, then-New Jersey Gov. Jon Corzine was seriously injured in the crash of an SUV driven by a state trooper. Corzine was a passenger. The SUV's recorder showed the vehicle was traveling 91 mph on a parkway where the speed limit was 65 mph, and Corzine didn't have his seat belt on."

You know, my problem isn't with the blackbox or what they intend to use it for. I have no issue paying for it and it being used for "Safety". My issue is that we all know this is the current intention, though it's only a matter of time where some blackbox would have helped stop some shooting. There will be a new cast with some FBI guy saying "If only we had mandatory gps in these blackboxes and we had access, all this pain would have never happened". People will allow fear to overrule sense and allow them to create laws that force gps on them.

Then the government will start monitoring and tracking on every vehicle in the US on a database and the the president will use "national security" as a reason to squash the EFF or Civil Liberties Union interest in getting this investigated as illegal. Then they'll get hacked and we'll find out on Wikileaks that the government held the real time location of every vehicle for the last x years and continues to do so illegally.

Then it'll go further & further until it's beyond control.

The USSR didn't turn on it's people over night, there wasn't a "hey, we're going to create all these laws to subjugate the people. Just sleep and in the morning you will all live in fear of the government as you should". Many of the laws and organization that held the people under oppression and fear had logic and reason when they were first instigated. It's when they were changed and perverted that they began to instill fear.

Paranoid much? That would fail for the same reason the UK's CCTV failed. Too much information means that the information only gets looked at after there is a reason to look at it.

Didn't say the US was turning into the USSR. But look at a lot of the controversial laws or laws that have been subverted to other purposes in the name of protections. Ignoring the things that history has to teach us is irresponsible. Photographers getting harrassed for taking photos in public, the president having to weight in that there is nothing wrong with taking videos on police on duty, people getting taken off US soil and sent overseas are unable to bring the case in light because the president says it's not in the interested of "national security" (Maher Arar, among others).

The US used to be a country of personal freedoms. It is now a country that believes the sacrifices of the few are necessary for the greater protection of the many. I'd love to be proven wrong and believe in this country again. So feel free to reply with something logical, instead of "paranoid much?".

If the black box is labelled as a possession of the owner, and is externally accessible and not enclosed inside of the cabin or trunk, wouldn't law enforcement have full access to it without need for a search warrant or explicit approval of the owner? As far as I understand the laws as written, with search and seizure and public discovery laws in particular, they absolutely would.

Reasonably, if it is also labelled as property of the car owner, could said car owner not hack or disable the device, or would the usual travesty of EULA's and warranty mandatory compliances steamroll the consumer once again?

One of my big questions on this technology is: How is this going to integrate with the current search and seizure and self incrimination laws in the United States?

When I buy a car, it is my property. It, including the black box, is covered under the forth amendment's search and seizure provisions. If the vehicle gets in an accident, the police have no right to search and seize my property without a search warrant.

True, although 1) not everything you own in your car is your property and subject to Fourth Amendment search and seizure provisions, and 2) Fourth Amendment protections do not protect cars nearly as well as you might think.

In the first case, you do not own all government-mandated forms of identification on your vehicle, such as your license plate. It is conceivable that if the government mandates these to be in every car, then the black box thusly belongs to the government and not to you. This would also prevent your ability to crack in and tamper with the evidence if it does not belong to you. Current laws say that you own the data, thankfully. However, I can very easily imagine legislation passing that reverses this and gives the data to the government.

Second, Fourth Amendment protections over vehicles are extremely weak since you are not considered in many states to be within the protected curtilage of your home (often it's a state-by-state issue for state constitutions, but federal law has what is infamously known as the "Automobile Exception"). Since you are driving a car in public, your driving habits are not subject to the same privacy scrutiny. All a police officer needs is "probable cause" that you have committed a crime, and they can quite literally search your car and tear open the upholstery to look for evidence. See Carroll v. United States for more info. If they can do that, what's to stop them from simply plugging into your box and downloading the data if they "reasonably suspect" you were the cause of a crime?

Valen wrote:

Furthermore, it could be argued that using data on the device is a form of self incrimination which is prohibited by the fifth amendment to the US Constitution.

It could be argued, but the argument would fail spectacularly. Self-incrimination only applies to compulsory testimony. While the data is certainly compulsory, regulatory data will only be considered testimonial and in violation of a defendant's Fifth Amendment rights when: 1) the law targets a highly selective group inherently suspect of criminal activities; 2) the activities sought to be regulated are already permeated with criminal statutes as opposed to essentially being non-criminal and largely regulatory; and 3) the disclosure compelled creates a likelihood of prosecution and is used against the record-keeper. Check out Albertson v. Subversive Activities Control Board.

Since the law does not selectively target an inherently suspect group and is regulatory in nature, this wouldn't apply. Data is rarely considered testimonial, since to do so would also prohibit, for example, the government from introducing evidence on your hard drive that you produce child pornography (your data used against you).

Also, Fifth Amendment means squat in civil cases, where this will undoubtedly be the biggest issue (you versus your insurance company). Although at least with civil cases involving insurance companies, the "wrong" against you is contractual in nature, which in theory can be addressed by open/free market/Freem'Arkhet/etc. concerns (i.e. you could just change insurance companies or drop it altogether if they use that data unreasonably against you). Granted, it's illegal in many (all?) places to not carry automobile insurance, so essentially the entirety of market control goes to supplier power.

I find it interesting that almost all assertions I've encountered that claim the free market doesn't work usually has some legislative regulation propping up the imbalance of power reflected in Porter's Five Forces. Statutory monopolies are not products of a free market.

I don't understand what people are so afraid of with this. It isn't giving away personal data.

The speed limit on I-75 where I drive to work is 55. The traffic flows at about 70, and the State Troopers don't even glance at anyone going less than 80.

Now, suppose an accident where I'm driving along with the flow of traffic, at a steady speed, and holding steady in one lane. Some maroon changing lanes tries to occupy the same space as my car, spins out, hits the concrete median barrier, and is seriously injured.

While I may "own" the EDR data, it can be subpoenaed just like any other "record." (I think. I'm not a lawyer.) Imagine how happy that EDR would make me when I am sued for every penny I have..

Then learn to drive the fucking speed limit. I don't care how annoyed it makes others, I never exceed the speed limit.

You sound like the type that used to moan to your parents how little Johnny down the street did it, so you did it too.

Sorry, but where do you live? You would quite literally cause an accident if you tried to do that at some points on the beltway. When I moved here, my work orientation included a section about law enforcement ENCOURAGING people to drive with traffic at speed during rush hour.

Then learn to drive the fucking speed limit. I don't care how annoyed it makes others, I never exceed the speed limit.

You sound like the type that used to moan to your parents how little Johnny down the street did it, so you did it too.

You obviously don't live in a city with more than 20k people. I live in Atlanta, and if you aren't going 75 YOU are the problem. Stick to 1965 speed limits if you want, but you are the problem. Not the rest of us that respect the fact that going the speed limit is retarded when you have 6 lanes of traffic and going 55 is ludicrous. Low speed limits in Atlanta are a relic of the Baby Boomer generation, and a desperate attempt at revenue generation. It's more dangerous to go that slow than it is to exceed an arbitrary limit every day of the week. Speed doesn't kill or start accidents, it's the idiot teenager or geezer that doesn't pay attention to the cars around them, the road condition, or proper following distance.

In every article I've seen about this there's been no mention how useful the box would be. Saying it "saves lives" is not good enough, it has to save enough lives to justify the cost.

For example the recent mandate to include backup cameras will cost $18 million per life saved, above the $8 million that is usually used as the cutoff of what is cost effective.

I don't get your comparison. Backup cameras provide a direct benefit to the driver. What do I get from having a black box? Sure, it's useful to determine the cause of an accident. But the ONLY way it "saves lives" is if it convinces people to drive better because Big Brother is watching...

And I don't think most people have an issue with the actual $$$ cost...

Then learn to drive the fucking speed limit. I don't care how annoyed it makes others, I never exceed the speed limit.

You sound like the type that used to moan to your parents how little Johnny down the street did it, so you did it too.

There are many places in the U.S. where driving no faster than the speed limit will make you a road hazard. I'd agree with you if the speed limit made practical safety sense in every place it was enforced. But if I try going 45 on a blip of slow interstate where people regularly go 75-80, somebody's going to be scraping me and my black box off the intake grill of some cell-phone blabbing soccer mom.

The problem is that the law and your insurance companies won't take into account practical considerations for why you were breaking the law. Essentially this makes every road issue a strict liability issue instead of a negligence issue -- you break the law, you are guilty, no matter what reason. It basically sets traffic law back by about a century, since it punishes the attentive speeder while letting the inattentive law-abider get off scot-free.